Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add net8.0 and efcore 8.0 #475

Closed
wants to merge 56 commits into from

merge with origin

62b7de9
Select commit
Loading
Failed to load commit list.
Closed

add net8.0 and efcore 8.0 #475

merge with origin
62b7de9
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Apr 13, 2024 in 5m 39s

Security Report

5 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-36414

Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Test/DbContextModel/EFCoreModels.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.7.0/azure.identity.1.7.0.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.sqlserver.8.0.0.nupkg (Root Library)

   -> microsoft.data.sqlclient.5.1.1.nupkg

     -> ❌ azure.identity.1.7.0.nupkg (Vulnerable Library)

High 8.8 azure.identity.1.7.0.nupkg Upgrade to version: Azure.Identity - 1.10.2 None
CVE-2024-0056

Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Test/DbContextModel/EFCoreModels.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.1.4/microsoft.data.sqlclient.2.1.4.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.sqlserver.6.0.25.nupkg (Root Library)

   -> ❌ microsoft.data.sqlclient.2.1.4.nupkg (Vulnerable Library)

High 8.7 microsoft.data.sqlclient.2.1.4.nupkg Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #482
CVE-2024-0056

Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Test/DbContextModel/EFCoreModels.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/5.1.1/microsoft.data.sqlclient.5.1.1.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.sqlserver.8.0.0.nupkg (Root Library)

   -> ❌ microsoft.data.sqlclient.5.1.1.nupkg (Vulnerable Library)

High 8.7 microsoft.data.sqlclient.5.1.1.nupkg Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #482
CVE-2024-21319

Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Test/DbContextModel/EFCoreModels.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/6.24.0/microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.sqlserver.8.0.0.nupkg (Root Library)

   -> microsoft.data.sqlclient.5.1.1.nupkg

     -> ❌ microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg (Vulnerable Library)

Medium 6.8 microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #481
CVE-2024-21319

Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Test/DbContextModel/EFCoreModels.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/6.24.0/system.identitymodel.tokens.jwt.6.24.0.nupkg

Dependency Hierarchy:

-> microsoft.entityframeworkcore.sqlserver.8.0.0.nupkg (Root Library)

   -> microsoft.data.sqlclient.5.1.1.nupkg

     -> microsoft.identitymodel.protocols.openidconnect.6.24.0.nupkg

       -> ❌ system.identitymodel.tokens.jwt.6.24.0.nupkg (Vulnerable Library)

Medium 6.8 system.identitymodel.tokens.jwt.6.24.0.nupkg Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #481

Base branch total remaining vulnerabilities: 13
Base branch commit: cdf36ac3fea39008731b13a3684fdd2c8f4aa4ef


Total libraries scanned: 392

Scan token: c5d72c9e42e34f4eb84679646b706270

View more details on Mend Bolt for GitHub